| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="utf-8"> |
| <meta name="viewport" content="width=device-width,initial-scale=1"> |
| <title>Installing Che on AWS :: Eclipse Che Documentation</title> |
| <link rel="canonical" href="https://www.eclipse.org/che/docs/che-7/installation-guide/installing-che-on-aws/"> |
| <meta name="keywords" content="overview, installing-che-on-aws"> |
| <meta name="generator" content="Antora 2.3.4"> |
| <link rel="stylesheet" href="../../../_/css/site.css"> |
| <link rel="stylesheet" href="../../../_/css/extra.css"> |
| <link rel="stylesheet" href="../../../_/font-awesome-4.7.0/css/font-awesome.min.css"> |
| <link rel="icon" href="../../../favicon.ico" type="image/x-icon"> |
| <script async src="https://www.googletagmanager.com/gtag/js?id=UA-37306001-2"></script> |
| <script>function gtag(){dataLayer.push(arguments)};window.dataLayer=window.dataLayer||[];gtag('js',new Date());gtag('config','UA-37306001-2')</script> |
| <script>var uiRootPath = '../../../_'</script> |
| </head> |
| <body class="article"> |
| <header class="header" role="banner"> |
| <nav class="navbar"> |
| <div class="navbar-brand"> |
| <div class="navbar-item"> |
| <button class="navbar-burger" data-target="topbar-nav"> |
| <span></span> |
| <span></span> |
| <span></span> |
| </button> |
| <img src="../../../_/img/icon-eclipse-che.svg" class="navbar-logo" alt="Eclipse Che logo"> |
| <a href="https://www.eclipse.org/che/docs">Eclipse Che Documentation</a> |
| </div> |
| </div> |
| <div id="topbar-nav" class="navbar-menu"> |
| <div class="navbar-end"> |
| <div class="navbar-item hide-for-print"> |
| <script async src="https://cse.google.com/cse.js?cx=002898025167115630151:gnr5edrg2eo"></script> |
| <div class="gcse-searchbox" enableAutoComplete="true"></div> |
| </div> |
| <a class="navbar-item" href="#">Home</a> |
| <a class="navbar-item" href="https://che.eclipse.org/">Blog</a> |
| <a class="navbar-item" href="https://github.com/eclipse/che">Source Code</a> |
| </div> |
| </div> |
| </nav> |
| <div class="gcse-searchresults"></div> |
| </header> |
| <div class="body"> |
| <div class="nav-container" data-component="che-7" data-version="master"> |
| <aside class="nav"> |
| <div class="panels"> |
| <div class="nav-panel-menu is-active" data-panel="menu"> |
| <nav class="nav-menu"> |
| <h3 class="title"><a href="../../overview/introduction-to-eclipse-che/">Documentation</a></h3> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="0"> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../overview/introduction-to-eclipse-che/">Introduction to Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../overview/che-architecture/">Che architecture</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../hosted-che/hosted-che/">Eclipse Che hosted by Red Hat</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">End-user Guide</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/navigating-che/">Navigating Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/navigating-che-using-the-dashboard/">Navigating Che: dashboard</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/importing-certificates-to-browsers/">Importing certificates to browsers</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/accessing-che-from-openshift-developer-perspective/">Navigating Che from OpenShift Developer Perspective</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/che-theia-ide-basics/">Che-Theia IDE basics</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/defining-custom-commands-for-che-theia/">Defining custom commands for Che-Theia</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/version-control/">Version Control</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/che-theia-troubleshooting/">Che-Theia Troubleshooting</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/differences-in-how-che-theia-webview-works-on-a-single-host-mode-comparing-to-a-multi-host-mode/">Differences in how Che-Theia Webview works on a single-host mode comparing to a multi-host mode</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/workspaces-overview/">Using developer workspaces</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/creating-a-workspace-from-code-sample/">Creating a workspace from code sample</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/creating-a-workspace-from-remote-devfile/">Creating a workspace from a remote devfile using the dashboard</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/creating-a-workspace-from-local-devfile-using-chectl/">Creating a workspace from local devfile using chectl</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/creating-a-workspace-by-importing-the-source-code-of-a-project/">Creating a workspace by importing the source code of a project</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/configuring-a-workspace-with-dashboard/">Configuring a workspace</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/configuring-a-workspace-using-a-devfile/">Configuring a workspace using a devfile</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/running-a-workspace-with-dashboard/">Running a workspace</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/importing-kubernetes-applications-into-a-workspace/">Importing Kubernetes applications into a workspace</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/remotely-accessing-workspaces/">Remotely accessing workspaces</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/mounting-a-secret-as-a-file-or-an-environment-variable-into-a-workspace-container/">Mounting a secret as a file or an environment variable into a workspace container</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/authentication-against-bitbucket-server-with-the-personal-access-token/">Authentication against Bitbucket Server with the personal access token</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/customizing-developer-environments/">Customizing developer environments</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/what-is-a-che-theia-plug-in/">What is a Che-Theia plug-in</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/adding-a-vs-code-extension-to-a-workspace/">Adding a VS Code extension</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/publishing-metadata-for-a-vs-code-extension/">Publishing a VS Code extension</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/testing-a-visual-studio-code-extension-in-che/">Testing a VS Code extension in Che</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/using-alternative-ides-in-che/">Using alternative IDEs in Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/support-for-jetbrains-ides/">JetBrains IDEs</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/using-jetbrains-intellij-idea-community-edition/">Using IntelliJ Idea Community Edition</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/using-jetbrains-intellij-idea-ultimate-edition/">Using IntelliJ Idea Ultimate Edition</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/using-jetbrains-webstorm/">Using WebStorm</a> |
| </li> |
| <li class="nav-item" data-depth="4"> |
| <a class="nav-link" href="../../end-user-guide/provisioning-jetbrains-activation-code-for-offline-use/">Provisioning activation code for offline use</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/adding-tools-to-che-after-creating-a-workspace/">Adding tools to Che after creating a workspace</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/using-artifact-repositories-in-a-restricted-environment/">Using artifact repositories in a restricted environment</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/using-maven-artifact-repositories/">Using Maven artifact repositories</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/using-gradle-artifact-repositories/">Using Gradle artifact repositories</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/using-python-artifact-repositories/">Using Python artifact repositories</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/using-go-artifact-repositories/">Using Go artifact repositories</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/using-nuget-artifact-repositories/">Using NuGet artifact repositories</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/using-npm-artifact-repositories/">Using npm artifact repositories</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../end-user-guide/troubleshooting-che/">Troubleshooting Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/viewing-che-workspaces-logs/">Viewing Che workspaces logs</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/investigating-failures-at-a-workspace-start-using-the-verbose-mode/">Troubleshooting workspace start failures</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/troubleshooting-slow-workspaces/">Troubleshooting slow workspaces</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../end-user-guide/troubleshooting-network-problems/">Troubleshooting network problems</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">Installation Guide</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../supported-platforms/">Supported platforms</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../configuring-the-che-installation/">Configuring the Che installation</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../installing-che/">Installing Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../installing-che-in-cloud/">Installing Che in cloud</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-openshift-4-using-operatorhub/">Installing Che on OpenShift 4 using OperatorHub</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-openshift-4-using-cli/">Installing Che on OpenShift 4 using CLI</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-openshift-3-using-the-operator/">Installing Che on OpenShift 3</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-kubespray/">Installing Che on Kubespray</a> |
| </li> |
| <li class="nav-item is-current-page" data-depth="3"> |
| <a class="nav-link" href="./">Installing Che on AWS</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-google-cloud-platform/">Installing Che on Google Cloud</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-microsoft-azure/">Installing Che on Microsoft Azure</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../installing-che-locally/">Installing Che locally</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-codeready-containers/">Installing Che on CodeReady Containers</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-docker-desktop/">Installing Che on Docker Desktop</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-minikube/">Installing Che on Minikube</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-minishift/">Installing Che on Minishift</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="../installing-che-on-kind/">Installing Che on Kind</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../using-the-chectl-management-tool/">Using the chectl management tool</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../installing-che-in-a-restricted-environment/">Installing Che in restricted environment</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../advanced-configuration/">Advanced configuration</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../advanced-configuration-options-for-the-che-server-component/">Advanced configuration options for Che server</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../configuring-namespace-strategies/">Configuring namespace strategies</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../configuring-storage-strategies/">Configuring storage strategies</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../configuring-storage-types/">Configuring storage types</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../running-more-than-one-workspace-at-a-time/">Running more than one workspace at a time</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../configuring-workspace-exposure-strategies/">Configuring workspace exposure strategies</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../configuring-workspaces-nodeselector/">Configuring workspaces nodeSelector</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../configuring-che-hostname/">Configuring Che hostname</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../configuring-labels-for-ingresses/">Configuring labels for Kubernetes Ingress</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../configuring-labels-for-routes/">Configuring labels for OpenShift Route</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../deploying-che-with-support-for-git-repositories-with-self-signed-certificates/">Deploying Che with support for Git repositories with self-signed certificates</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../installing-che-using-storage-classes/">Installing Che using storage classes</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../importing-untrusted-tls-certificates/">Importing untrusted TLS certificates to Che</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../switching-between-external-and-internal-communication/">Switching between external and internal ways in inter-component communication</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../setting-up-the-keycloak-che-username-readonly-theme-for-the-eclipse-che-login-page/">Setting up the Keycloak che-username-readonly theme for the Eclipse Che login page</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../mounting-a-secret-as-a-file-or-an-environment-variable-into-a-container/">Mounting a secret as a file or an environment variable into a Eclipse Che container</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../upgrading-che/">Upgrading Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../upgrading-che-using-operatorhub/">Upgrading Che using OperatorHub</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../upgrading-che-using-the-cli-management-tool/">Upgrading Che using the CLI management tool</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../upgrading-che-using-the-cli-management-tool-in-restricted-environment/">Upgrading Che in restricted environment</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../uninstalling-che/">Uninstalling Che</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../uninstalling-che-after-operatorhub-installation-using-openshift-web-console/">Using the OpenShift web console</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../uninstalling-che-after-operatorhub-installation-using-openshift-cli/">Using OpenShift CLI</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../uninstalling-che-after-chectl-installation/">Using chectl</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">Administration Guide</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../administration-guide/che-architecture-overview/">Che architecture</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/che-workspace-controller/">Che workspace controller</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/che-workspaces-architecture/">Che workspaces architecture</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../administration-guide/calculating-che-resource-requirements/">Calculating Che resource requirements</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../administration-guide/customizing-the-registries/">Customizing the registries</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/building-custom-registry-images/">Building custom registry images</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/running-custom-registries/">Running custom registries</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../administration-guide/retrieving-che-logs/">Retrieving Che logs</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/configuring-server-logging/">Configuring server logging</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/viewing-kubernetes-events/">Accessing Kubernetes events on OpenShift</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/viewing-operator-events/">Viewing the Operator events on OpenShift</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/viewing-che-server-logs/">Viewing Che server logs</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/viewing-external-service-logs/">Viewing external service logs</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/viewing-plug-in-broker-logs/">Viewing Plug-in broker logs</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/collecting-logs-using-chectl/">Collecting logs using chectl</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../administration-guide/monitoring-che/">Monitoring Che</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../administration-guide/tracing-che/">Tracing Che</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../administration-guide/backup-and-disaster-recovery/">Backup and disaster recovery</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/external-database-setup/">External database setup</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/persistent-volumes-backups/">Persistent Volumes backups</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../administration-guide/caching-images-for-faster-workspace-start/">Caching images for faster workspace start</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/defining-the-list-of-images-to-pull/">Defining the list of images</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/defining-the-memory-parameters-for-the-image-puller/">Defining the memory settings</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/installing-image-puller-on-kubernetes-using-the-operator/">Installing using the Operator</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/installing-image-puller-on-openshift-using-operatorhub/">Installing on OpenShift 4</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/installing-image-puller-on-openshift-using-openshift-templates/">Installing on OpenShift 3</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/installing-image-puller-on-kubernetes-using-helm/">Installing using Helm</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../administration-guide/managing-identities-and-authorizations/">Managing identities and authorizations</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/authenticating-users/">Authenticating users</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/authorizing-users/">Authorizing users</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/configuring-authorization/">Configuring authorization</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/configuring-openshift-oauth/">Configuring OpenShift OAuth</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../administration-guide/removing-user-data/">Removing user data</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">Contributor Guide</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../contributor-guide/branding-che-theia/">Branding Che-Theia</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../contributor-guide/developing-che-theia-plug-ins/">Developing Che-Theia plug-ins</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../contributor-guide/testing-che-theia-plug-ins/">Testing Che-Theia plug-ins</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../contributor-guide/publishing-che-theia-plug-ins/">Publishing Che-Theia plug-ins</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../contributor-guide/adding-support-for-a-new-language/">Adding support for a new language</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../contributor-guide/adding-support-for-a-new-debugger/">Adding support for a new debugger</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../contributor-guide/che-extensibility-reference/">Che extensibility reference</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../contributor-guide/che-extension-points/">Che extension points</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../contributor-guide/che-theia-plug-in-api/">Che-Theia plug-in API</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../contributor-guide/debug-adapter-protocol/">Debug Adapter Protocol</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../contributor-guide/language-server-protocol/">Language Server Protocol</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">Extensions</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../extensions/eclipse-che4z/">Eclipse Che4z</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../extensions/openshift-connector-overview/">OpenShift Connector</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../extensions/features-of-openshift-connector/">Features of OpenShift Connector</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../extensions/installing-openshift-connector-in-che/">Installing OpenShift Connector in Eclipse Che</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../extensions/authenticating-with-openshift-connector-from-che/">Authenticating with OpenShift Connector from Eclipse Che</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../extensions/creating-components-with-openshift-connector-in-che/">Creating Components with OpenShift Connector in Eclipse Che</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../extensions/connecting-source-code-from-github-to-a-openshift-component-using-openshift-connector/">Connecting source code from GitHub to a OpenShift Component</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="../../extensions/telemetry/">Telemetry</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../extensions/creating-a-telemetry-plugin/">Creating A Telemetry Plugin</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="../../extensions/the-woopra-telemetry-plugin/">The Woopra Telemetry Plugin</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="0"> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="../../glossary/che-glossary/">Che glossary</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </nav> |
| </div> |
| <div class="nav-panel-explore" data-panel="explore"> |
| <div class="context"> |
| <span class="title">Documentation</span> |
| <span class="version">master</span> |
| </div> |
| <ul class="components"> |
| <li class="component is-current"> |
| <a class="title" href="../../overview/introduction-to-eclipse-che/">Documentation</a> |
| <ul class="versions"> |
| <li class="version is-current is-latest"> |
| <a href="../../overview/introduction-to-eclipse-che/">master</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </aside> |
| </div> |
| <main class="article"> |
| <div class="toolbar" role="navigation"> |
| <button class="nav-toggle"></button> |
| <a href="../../overview/introduction-to-eclipse-che/" class="home-link"></a> |
| <nav class="breadcrumbs" aria-label="breadcrumbs"> |
| <ul> |
| <li><a href="../../overview/introduction-to-eclipse-che/">Documentation</a></li> |
| <li>Installation Guide</li> |
| <li><a href="../installing-che/">Installing Che</a></li> |
| <li><a href="../installing-che-in-cloud/">Installing Che in cloud</a></li> |
| <li><a href="./">Installing Che on AWS</a></li> |
| </ul> |
| </nav> |
| <div class="edit-this-page"><a href="https://github.com/eclipse/che-docs/edit/master/modules/installation-guide/pages/installing-che-on-aws.adoc">Edit this Page</a></div> |
| </div> |
| <div class="content"> |
| <aside class="toc sidebar" data-title="Contents" data-levels="2"> |
| <div class="toc-menu"></div> |
| </aside> |
| <article class="doc"> |
| <h1 class="page">Installing Che on AWS</h1> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>This article describes how to deploy Eclipse Che on the Amazon Web Services (AWS) cloud.</p> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="preparing-the-aws-system-for-installing-che_che"><a class="anchor" href="#preparing-the-aws-system-for-installing-che_che"></a>Preparing the AWS system for installing Che</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The following sections describe how to Configure Kubernetes for Eclipse Che |
| on Amazon Elastic Compute Cloud (Amazon EC2).</p> |
| </div> |
| <div class="ulist"> |
| <div class="title">Prerequisites</div> |
| <ul> |
| <li> |
| <p>A running instance of Kubernetes, version 1.9 or higher, and Ingress.</p> |
| </li> |
| <li> |
| <p>The <code>kubectl</code> tool installed.</p> |
| </li> |
| <li> |
| <p>The <code>chectl</code> tool installed.</p> |
| </li> |
| </ul> |
| </div> |
| <div class="sect2"> |
| <h3 id="_installing_kubernetes_on_amazon_ec2"><a class="anchor" href="#_installing_kubernetes_on_amazon_ec2"></a>Installing Kubernetes on Amazon EC2</h3> |
| <div class="olist arabic"> |
| <ol class="arabic"> |
| <li> |
| <p>Configure the AWS Command Line Interface (AWS CLI). For detailed installation instructions, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html">Installing the AWS CLI</a>.</p> |
| </li> |
| <li> |
| <p>Check the <code>PATH</code> environment variable if the <code>aws</code> tool is not available.</p> |
| </li> |
| <li> |
| <p>Install Kubernetes on EC2. There are several ways to have a running Kubernetes instance on EC2. Here, the <code>kops</code> tool is used to install Kubernetes. For details, see <a href="https://kubernetes.io/docs/setup/production-environment/tools/kops/">Installing Kubernetes with <code>kops</code></a>.</p> |
| </li> |
| </ol> |
| </div> |
| <div class="paragraph"> |
| <p>This document assumes that Eclipse Che must be configured to run at <a href="http://che.aws.my-ide.cloud">Che AWS Cloud</a>.</p> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="_setting_up_dns"><a class="anchor" href="#_setting_up_dns"></a>Setting up DNS</h3> |
| <div class="paragraph"> |
| <p>One way to Configure Domain Name System (DNS) is to create the Amazon Route53 to manage the <code>aws.my-ide.cloud</code> domain.</p> |
| </div> |
| <div class="paragraph"> |
| <p>To Configure DNS:</p> |
| </div> |
| <div class="olist arabic"> |
| <ol class="arabic"> |
| <li> |
| <p>Create the zone on AWS:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ aws route53 create-hosted-zone --name aws.my-ide.cloud --caller-reference 1 |
| |
| \{ |
| "Location": "https://route53.amazonaws.com/2013-04-01/hostedzone/<em><ZONE-ID></em>", |
| "HostedZone": \{ |
| "Id": "/hostedzone/<em><ZONE-ID></em>", |
| "Name": "aws.my-ide.cloud.", |
| "CallerReference": "1", |
| "Config": \{ |
| "PrivateZone": false |
| }, |
| "ResourceRecordSetCount": 2 |
| }, |
| "ChangeInfo": \{ |
| "Id": "/change/C1ZNLBU45DJUJL", |
| "Status": "PENDING", |
| "SubmittedAt": "2019-07-08T08:14:39.772Z" |
| }, |
| "DelegationSet": \{ |
| "NameServers": [ |
| "ns-1693.awsdns-19.co.uk", |
| "ns-1133.awsdns-13.org", |
| "ns-150.awsdns-18.com", |
| "ns-965.awsdns-56.net" |
| ] |
| } |
| }</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Configure the four DNS <code>nameservers</code> on the <code>my-ide.cloud</code> DNS. Note that when a custom DNS provider, updating the record takes a few hours.</p> |
| <div class="imageblock"> |
| <div class="content"> |
| <img src="../_images/installation/dns-nameservers.png" alt="dns nameservers"> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Create the Simple Storage Service (s3) storage to store the <code>kops</code> configuration.</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ aws s3 mb s3://clusters.aws.my-ide.cloud |
| make_bucket: clusters.aws.my-ide.cloud</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Inform <code>kops</code> of this new service:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ export KOPS_STATE_STORE=s3://clusters.aws.my-ide.cloud</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Create the <code>kops</code> cluster by providing the cluster zone. For example, for Europe, the zone is <code>eu-west-1c</code>.</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ kops create cluster --zones=eu-west-1c eu.aws.my-ide.cloud</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Create the cluster:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ kops update cluster eu.aws.my-ide.cloud --yes</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>After the cluster is ready, validate it:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ kops validate cluster |
| |
| Using cluster from {orch-cli} context: eu.aws.my-ide.cloud |
| |
| Validating cluster eu.aws.my-ide.cloud |
| |
| INSTANCE GROUPS |
| NAME ROLE MACHINETYPE MIN MAX SUBNETS |
| master-eu-west-1c Master m3.medium 1 1 eu-west-1c |
| nodes Node t2.medium 2 2 eu-west-1c |
| |
| NODE STATUS |
| NAME ROLE READY |
| ip-172-20-38-26.eu-west-1.compute.internal node True |
| ip-172-20-43-198.eu-west-1.compute.internal node True |
| ip-172-20-60-129.eu-west-1.compute.internal master True |
| |
| Your cluster eu.aws.my-ide.cloud is ready</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Check the cluster using the <code>kubectl ` command. The `kubectl ` context is also configured automatically by the `kops</code> tool:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ {orch-cli} config current-context |
| eu.aws.my-ide.cloud |
| |
| $ {orch-cli} get pods --all-namespaces |
| |
| All the pods in the running state are displayed.</pre> |
| </div> |
| </div> |
| </li> |
| </ol> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="_installing_ingress_nginx"><a class="anchor" href="#_installing_ingress_nginx"></a>Installing Ingress-nginx</h3> |
| <div class="paragraph"> |
| <p>To install Ingress-nginx:</p> |
| </div> |
| <div class="olist arabic"> |
| <ol class="arabic"> |
| <li> |
| <p>Install the configuration for AWS.</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ {orch-cli} apply \ |
| -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v0.41.0/deploy/static/provider/aws/deploy.yaml</pre> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>The following output confirms that the Ingress controller is running.</p> |
| </div> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ {orch-cli} get pods --namespace ingress-nginx |
| NAME READY STATUS RESTARTS AGE |
| nginx-ingress-controller-76c86d76c4-gswmg 1/1 Running 0 9m3s</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Find the external IP of ingress-nginx.</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ {orch-cli} get services --namespace ingress-nginx -o jsonpath='{.items[].status.loadBalancer.ingress[0].hostname}' |
| Ade9c9f48b2cd11e9a28c0611bc28f24-1591254057.eu-west-1.elb.amazonaws.com</pre> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p><strong>Troubleshooting</strong>: If the output is empty, it implies that the cluster has configuration issues. Use the following command to find the cause of the issue:</p> |
| </div> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ {orch-cli} describe service -n ingress-nginx ingress-nginx</pre> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>Output similar to the following means a needed role must be created manually:</p> |
| </div> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">arn:aws:sts::269287474311:assumed-role...4bff is not authorized to perform: iam:CreateServiceLinkedRole on resource: arn:aws:iam::269287474311:role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing</pre> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>Run the following command to create the role:</p> |
| </div> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ aws iam create-service-linked-role --aws-service-name "elasticloadbalancing.amazonaws.com"</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Add hosts on route 53 with this given host name https://console.aws.amazon.com/route53/home?region=eu-west-1#hosted-zones:. Ensure that you include the colon (<code>:</code>) at the end of this URL.</p> |
| </li> |
| <li> |
| <p>Create the wildcard DNS <code><strong></code> (for <code></strong>.aws-my-ide.cloud</code>) with the previous host name and ensure to add the dot (<code>.</code>) at the end of the host name. In the <strong>Type</strong> drop-down list, select <strong>CNAME</strong>.</p> |
| <div class="imageblock"> |
| <div class="content"> |
| <a class="image" href="../_images/installation/create-record-set.png"><img src="../_images/installation/create-record-set.png" alt="create record set"></a> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>The following is an example of the resulting window after adding all the values.</p> |
| </div> |
| <div class="imageblock"> |
| <div class="content"> |
| <a class="image" href="../_images/installation/create-record-set-all-values.png"><img src="../_images/installation/create-record-set-all-values.png" alt="create record set all values"></a> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>The <code>che.aws.my-ide.cloud</code> address must resolve to an IP address.</p> |
| </div> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ host che.aws.my-ide.cloud |
| che.aws.my-ide.cloud is an alias for ade9c9f48b2cd11e9a28c0611bc28f24-1591254057.eu-west-1.elb.amazonaws.com. |
| ade9c9f48b2cd11e9a28c0611bc28f24-1591254057.eu-west-1.elb.amazonaws.com has address 54.77.155.195</pre> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>The existing Kubernetes instance is prepare to host an Che installation.</p> |
| </div> |
| </li> |
| </ol> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="_enabling_the_tls_and_dns_challenge"><a class="anchor" href="#_enabling_the_tls_and_dns_challenge"></a>Enabling the TLS and DNS challenge</h3> |
| <div class="paragraph"> |
| <p>To use the Cloud DNS and TLS, some service accounts must be enabled to have cert-manager managing the DNS challenge for the <em>Let’s Encrypt</em> service.</p> |
| </div> |
| <div class="olist arabic"> |
| <ol class="arabic"> |
| <li> |
| <p>Create a new <code>permission</code> file.</p> |
| </li> |
| <li> |
| <p>Use the following command to obtain the zone ID:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ aws route53 list-hosted-zones |
| { |
| "HostedZones": [ |
| { |
| "Id": "/hostedzone/ABCDEFGH", |
| "Name": "aws.my-ide.cloud.", |
| "CallerReference": "1", |
| "Config": { |
| "PrivateZone": false |
| }, |
| "ResourceRecordSetCount": 5 |
| } |
| ] |
| }</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Copy the following content and replace <code>INSERT_ZONE_ID</code> with the route53 zone ID:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">{ |
| "Version": "2012-10-17", |
| "Statement": [ |
| { |
| "Effect": "Allow", |
| "Action": [ |
| "route53:GetChange", |
| "route53:ListHostedZonesByName" |
| ], |
| "Resource": [ |
| "*" |
| ] |
| }, |
| { |
| "Effect": "Allow", |
| "Action": [ |
| "route53:ChangeResourceRecordSets" |
| ], |
| "Resource": [ |
| "arn:aws:route53:::hostedzone/<INSERT_ZONE_ID>" |
| ] |
| } |
| ] |
| }</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>In the <strong>EC2 Dashboard</strong>, identify the <strong>IAM role</strong> used by the master node.</p> |
| <div class="imageblock"> |
| <div class="content"> |
| <a class="image" href="../_images/installation/aws-lauch-instance.png"><img src="../_images/installation/aws-lauch-instance.png" alt="aws lauch instance"></a> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>It is located under the <strong>Description</strong> tab, in the <strong>IAM role</strong> field.</p> |
| </div> |
| <div class="imageblock"> |
| <div class="content"> |
| <a class="image" href="../_images/installation/describtion-tab-iam-role.png"><img src="../_images/installation/describtion-tab-iam-role.png" alt="describtion tab iam role"></a> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Click the <strong>IAM role</strong> link (<code>masters.eu.aws.my-ide.cloud</code>, in this case).</p> |
| </li> |
| <li> |
| <p>Click the <strong>Add inline policy</strong> link at the bottom of the window.</p> |
| <div class="imageblock"> |
| <div class="content"> |
| <a class="image" href="../_images/installation/aws-summary-iam-role.png"><img src="../_images/installation/aws-summary-iam-role.png" alt="aws summary iam role"></a> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>In the <strong>Create policy</strong> window, on the <strong>JSON</strong> tab, paste the content of the JSON file created earlier and click the <strong>Review policy</strong> button.</p> |
| <div class="imageblock"> |
| <div class="content"> |
| <a class="image" href="../_images/installation/aws-create-policy.png"><img src="../_images/installation/aws-create-policy.png" alt="aws create policy"></a> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>In the <strong>Name</strong> field, type <code>eclipse-che-route53</code> and click <strong>Create Policy</strong>.</p> |
| <div class="imageblock"> |
| <div class="content"> |
| <a class="image" href="../_images/installation/create-policy-review-policy.png"><img src="../_images/installation/create-policy-review-policy.png" alt="create policy review policy"></a> |
| </div> |
| </div> |
| </li> |
| </ol> |
| </div> |
| </div> |
| <div class="sect2"> |
| <h3 id="_installing_cert_manager"><a class="anchor" href="#_installing_cert_manager"></a>Installing cert-manager</h3> |
| <div class="olist arabic"> |
| <ol class="arabic"> |
| <li> |
| <p>To install cert-manager, run the following commands (for details, see <a href="https://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html">Installing Cert on Kubernetes</a>):</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ {orch-cli} create namespace cert-manager |
| namespace/cert-manager created |
| $ {orch-cli} label namespace cert-manager certmanager.k8s.io/disable-validation=true |
| namespace/cert-manager labeled</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Set <code>validate=false</code>. If set to <code>true</code>, it will only work with the latest Kubernetes:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ {orch-cli} apply \ |
| -f https://github.com/jetstack/cert-manager/releases/download/v0.15.0/cert-manager.yaml \ |
| --validate=false</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Create the Che namespace if it does not already exist:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ kubectl create namespace eclipse-che |
| namespace/eclipse-che created</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Create the <strong>cert-manager</strong> user:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ aws iam create-user --user-name cert-manager |
| { |
| "User": { |
| "Path": "/", |
| "UserName": "cert-manager", |
| "userId": "ABCDEF", |
| "Arn": "arn:aws:iam::1234:user/cert-manager", |
| "CreateDate": "2019-07-30T13:50:48Z" |
| } |
| }</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Create the access key:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ aws iam create-access-key --user-name cert-manager |
| { |
| "AccessKey": { |
| "UserName": "cert-manager", |
| "AccessKeyId": "ABCDEF", |
| "Status": "Active", |
| "SecretAccessKey": "mySecret", |
| "CreateDate": "2019-07-30T13:52:59Z" |
| } |
| }</pre> |
| </div> |
| </div> |
| <div class="admonitionblock important"> |
| <table> |
| <tr> |
| <td class="icon"> |
| <i class="fa icon-important" title="Important"></i> |
| </td> |
| <td class="content"> |
| Remember the access key for later use. |
| </td> |
| </tr> |
| </table> |
| </div> |
| </li> |
| <li> |
| <p>Create a secret from the <code>SecretAccessKey</code> content.</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ {orch-cli} create secret generic aws-cert-manager-access-key \ |
| --from-literal=CLIENT_SECRET=<REPLACE WITH SecretAccessKey content> -n cert-manager</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Use the <strong>Add inline policy</strong> link to add the inline policy to <a href="https://console.aws.amazon.com/iam/home#/users/cert-manager">AWS Cert-Manager</a>.</p> |
| <div class="imageblock"> |
| <div class="content"> |
| <a class="image" href="../_images/installation/aws-summary-iam-role.png"><img src="../_images/installation/aws-summary-iam-role.png" alt="aws summary iam role"></a> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Paste the following inline policy in the <strong>JSON</strong> tab:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">{ |
| "Version": "2012-10-17", |
| "Statement": [ |
| { |
| "Effect": "Allow", |
| "Action": "route53:GetChange", |
| "Resource": "arn:aws:route53:::change/*" |
| }, |
| { |
| "Effect": "Allow", |
| "Action": "route53:ChangeResourceRecordSets", |
| "Resource": "arn:aws:route53:::hostedzone/*" |
| }, |
| { |
| "Effect": "Allow", |
| "Action": "route53:ListHostedZonesByName", |
| "Resource": "*" |
| } |
| ] |
| }</pre> |
| </div> |
| </div> |
| <div class="imageblock"> |
| <div class="content"> |
| <a class="image" href="../_images/installation/json-review-policy.png"><img src="../_images/installation/json-review-policy.png" alt="json review policy"></a> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Click <strong>Review policy</strong>.</p> |
| <div class="imageblock"> |
| <div class="content"> |
| <a class="image" href="../_images/installation/create-policy-review.png"><img src="../_images/installation/create-policy-review.png" alt="create policy review"></a> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>In the <strong>Name</strong> field, type <code>route53</code>, and click <strong>Create policy</strong>.</p> |
| </li> |
| <li> |
| <p>To create the certificate issuer, change the email address and specify the <code>accessKeyID</code>:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ cat <<EOF | {orch-cli} apply -f - |
| apiVersion: cert-manager.io/v1alpha2 |
| kind: ClusterIssuer |
| metadata: |
| name: che-certificate-issuer |
| namespace: cert-manager |
| spec: |
| acme: |
| server: https://acme-v02.api.letsencrypt.org/directory |
| email: your-email@example.com |
| privateKeySecretRef: |
| name: letsencrypt |
| solvers: |
| - selector: |
| dnsZones: |
| - "YOUR DOMAIN" |
| dns01: |
| route53: |
| region: eu-west-1 |
| accessKeyID: <USE ACCESS_KEY_ID_CREATED_BEFORE> |
| secretAccessKeySecretRef: |
| name: aws-cert-manager-access-key |
| key: CLIENT_SECRET |
| EOF</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Add the certificate by editing the domain name value (<code>aws.my-ide.cloud</code>, in this case) and the <code>dnsName</code> value:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ cat <<EOF | {orch-cli} apply -f - |
| apiVersion: certmanager.k8s.io/v1alpha1 |
| kind: Certificate |
| metadata: |
| name: che-tls |
| namespace: __<{prod-namespace}>__ |
| spec: |
| secretName: che-tls |
| issuerRef: |
| name: che-certificate-issuer |
| kind: ClusterIssuer |
| dnsNames: |
| - '*.aws.my-ide.cloud' |
| acme: |
| config: |
| - dns01: |
| provider: route53 |
| domains: |
| - '*.aws.my-ide.cloud' |
| EOF</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Check if the <code>issuerRef</code> name is the same as the <code>ClusterIssuer</code>. A new DNS challenge is being added to the DNS zone for <em>Let’s encrypt</em>.</p> |
| <div class="imageblock"> |
| <div class="content"> |
| <a class="image" href="../_images/installation/aws-hosted-zones-dns.png"><img src="../_images/installation/aws-hosted-zones-dns.png" alt="aws hosted zones dns"></a> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>The cert-manager logs contain information about the DNS challenge.</p> |
| </div> |
| </li> |
| <li> |
| <p>Obtain the name of the Pods:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ {orch-cli} get pods --namespace cert-manager |
| NAME READY STATUS RESTARTS AGE |
| cert-manager-6587688cb8-wj68p 1/1 Running 0 6h |
| cert-manager-cainjector-76d56f7f55-zsqjp 1/1 Running 0 6h |
| cert-manager-webhook-7485dd47b6-88m6l 1/1 Running 0 6h</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Obtain the logs using the following command (here, <code>cert-manager-8d478bb45-sdfmz</code> is the name of the cert-manager Pod):</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ {orch-cli} logs -f cert-manager-8d478bb45-sdfmz -n cert-manager |
| I0730 14:46:25.382385 1 sync.go:274] Need to create 0 challenges |
| I0730 14:46:25.382401 1 sync.go:319] Waiting for all challenges for order "che-tls-3365293372" to enter 'valid' state |
| I0730 14:46:25.382431 1 controller.go:204] cert-manager/controller/orders "level"=0 "msg"="finished processing work item" "key"="che/che-tls-3365293372" |
| I0730 14:46:25.382813 1 controller.go:219] cert-manager/controller/challenges "level"=0 "msg"="finished processing work item" "key"="che/che-tls-3365293372-0" |
| I0730 14:46:25.382843 1 controller.go:213] cert-manager/controller/challenges "level"=0 "msg"="syncing resource" "key"="che/che-tls-3365293372-0" |
| I0730 14:46:25.383037 1 dns.go:101] Presenting DNS01 challenge for domain "aws.my-ide.cloud" |
| I0730 14:47:03.061546 1 dns.go:112] Checking DNS propagation for "aws.my-ide.cloud" using name servers: [100.64.0.10:53] |
| I0730 14:47:03.220952 1 dns.go:124] Waiting DNS record TTL (60s) to allow propagation of DNS record for domain "_acme-challenge.aws.my-ide.cloud.”</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Ensure that the certificate is ready:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ kubectl describe certificate/che-tls -n eclipse-che |
| Status: |
| Conditions: |
| Last Transition Time: 2019-07-30T14:46:23Z |
| Message: Certificate issuance in progress. Temporary certificate issued. |
| Reason: TemporaryCertificate |
| Status: False |
| Type: Ready |
| Events: |
| Type Reason Age From Message |
| ---- ------ ---- ---- ------- |
| Normal OrderCreated 50s cert-manager Created Order resource "che-tls-3365293372"</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Wait for the status to become <code>OK</code> and ensure that the log contains the following entry:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">I0729 13:56:26.140886 1 conditions.go:143] Found status change for Certificate "che-tls" condition "Ready": "False" -> "True"; setting lastTransitionTime to 2019-07-29 13:56:26.140866531 +0000 UTC m=+4557.134131468</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Ensure that the status is up-to-date using the following command:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="nowrap">$ kubectl describe certificate/che-tls -n eclipse-che |
| |
| Status: |
| Conditions: |
| Last Transition Time: 2019-07-30T14:48:07Z |
| Message: Certificate is up to date and has not expired |
| Reason: Ready |
| Status: True |
| Type: Ready |
| Not After: 2019-10-28T13:48:05Z |
| Events: |
| Type Reason Age From Message |
| ---- ------ ---- ---- ------- |
| Normal OrderCreated 5m29s cert-manager Created Order resource "che-tls-3365293372" |
| Normal OrderComplete 3m46s cert-manager Order "che-tls-3365293372" completed successfully |
| Normal CertIssued 3m45s cert-manager Certificate issued successfully</pre> |
| </div> |
| </div> |
| </li> |
| </ol> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="installing-che-on-kubernetes-using-chectl_and_helm_che"><a class="anchor" href="#installing-che-on-kubernetes-using-chectl_and_helm_che"></a>Installing Che on AWS using chectl</h2> |
| <div class="sectionbody"> |
| <div class="ulist"> |
| <div class="title">Prerequisites</div> |
| <ul> |
| <li> |
| <p>The <code>chectl</code> management tool is available. See <a href="../using-the-chectl-management-tool/" class="page">Using the chectl management tool</a>.</p> |
| </li> |
| <li> |
| <p>The <code>helm</code> tool is available, with version 2.15 or higher. See <a href="https://helm.sh/">Helm</a>.</p> |
| </li> |
| </ul> |
| </div> |
| <div class="ulist"> |
| <div class="title">Procedure</div> |
| <ul> |
| <li> |
| <p>To install Che on AWS, run the following <code>chectl</code> command:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ chectl server:deploy --installer=helm --platform=k8s --domain=aws.my-ide.cloud --multiuser |
| › Current Kubernetes context: 'minikube' |
| ✔ Verify Kubernetes API...OK |
| ✔ 👀 Looking for an already existing Eclipse Che instance |
| ✔ Verify if Eclipse Che is deployed into namespace "eclipse-che"...it is not |
| ✔ ✈️ Kubernetes preflight checklist |
| ✔ Verify if kubectl is installed |
| ✔ Verify remote kubernetes status...done. |
| ✔ Check Kubernetes version: Found v1.15.12-gke.2. |
| ✔ Verify domain is set...set to aws.my-ide.cloud. |
| ↓ Check if cluster accessible [skipped] |
| ✔ Following Eclipse Che logs |
| ↓ Start following Operator logs [skipped] |
| ✔ Start following Eclipse Che server logs...done |
| ✔ Start following Postgres logs...done |
| ✔ Start following Keycloak logs...done |
| ✔ Start following Plugin registry logs...done |
| ✔ Start following Devfile registry logs...done |
| ✔ Start following namespace events...done |
| ✔ 🏃 Running Helm to install Eclipse Che |
| ✔ Verify if helm is installed |
| ✔ Check Helm Version: Found v3.4.1+gc4e7485 |
| ✔ Create Namespace (eclipse-che)...does already exist. |
| ✔ Check Eclipse Che TLS certificate...self-signed TLS certificate secret found |
| ✔ Check Cluster Role Binding...does not exists. |
| ✔ Preparing Eclipse Che Helm Chart...done. |
| ✔ Updating Helm Chart dependencies...done. |
| ✔ Deploying Eclipse Che Helm Chart...done. |
| ✔ ✅ Post installation checklist |
| ✔ PostgreSQL pod bootstrap |
| ✔ Scheduling...done |
| ✔ Downloading images...done |
| ✔ Starting...done |
| ✔ Devfile registry pod bootstrap |
| ✔ Scheduling...done |
| ✔ Downloading images...done |
| ✔ Starting...done |
| ✔ Plugin registry pod bootstrap |
| ✔ Scheduling...done |
| ✔ Downloading images...done |
| ✔ Starting...done |
| ✔ Eclipse Che pod bootstrap |
| ✔ Scheduling...done |
| ✔ Downloading images...done |
| ✔ Starting...done |
| ✔ Eclipse Che status check...done |
| ✔ Prepare post installation output...done |
| ✔ Show important messages |
| ✔ Eclipse Che 7.26 has been successfully deployed. |
| ✔ Documentation : https://www.eclipse.org/che/docs |
| ✔ ------------------------------------------------------------------------------- |
| ✔ Users Dashboard : https://eclipse-che-eclipse-che.aws.my-ide.cloud |
| ✔ Admin user login : "XXX:XXX". NOTE: must change after first login. |
| ✔ ------------------------------------------------------------------------------- |
| ✔ Plug-in Registry : https://plugin-registry-eclipse-che.aws.my-ide.cloud/v3 |
| ✔ Devfile Registry : https://devfile-registry-eclipse-che.aws.my-ide.cloud |
| ✔ ------------------------------------------------------------------------------- |
| ✔ Identity Provider URL : https://keycloak-eclipse-che.aws.my-ide.cloud/auth |
| ✔ Identity Provider login : "XXX:XXX". |
| ✔ -------------------------------------------------------------------------------</pre> |
| </div> |
| </div> |
| </li> |
| </ul> |
| </div> |
| <div class="olist arabic"> |
| <div class="title">Verification steps</div> |
| <ol class="arabic"> |
| <li> |
| <p>Investigate Eclipse Che logs:</p> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre>$ chectl server:logs --namespace eclipse-che</pre> |
| </div> |
| </div> |
| </li> |
| <li> |
| <p>Verify that certificates are set correctly</p> |
| <div class="olist loweralpha"> |
| <ol class="loweralpha" type="a"> |
| <li> |
| <p>Open Eclipse Che server URL from the output above</p> |
| </li> |
| <li> |
| <p>Click on the lock in address bar</p> |
| </li> |
| <li> |
| <p>Verify it has <strong>Connection is secure</strong></p> |
| </li> |
| </ol> |
| </div> |
| </li> |
| </ol> |
| </div> |
| <div class="ulist"> |
| <div class="title">Additional resources</div> |
| <ul> |
| <li> |
| <p><a href="../../end-user-guide/navigating-che-using-the-dashboard/" class="page">Navigating Che using the Dashboard</a>.</p> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </div> |
| </article> |
| </div> |
| </main> |
| </div> |
| <footer class="footer"> |
| <div><a href="https://www.eclipse.org" target="_blank">Eclipse Foundation</a> | |
| <a href="https://www.eclipse.org/legal/privacy.php" target="_blank">Privacy Policy</a> | |
| <a href="https://www.eclipse.org/legal/termsofuse.php" target="_blank">Terms of Use</a> | |
| <a href="https://www.eclipse.org/legal/epl-2.0/" target="_blank">Eclipse Public License</a> | |
| <a href="https://www.eclipse.org/legal" target="_blank">Legal Resources</a></div> |
| </footer> |
| |
| <script src="../../../_/js/site.js"></script> |
| <script async src="../../../_/js/vendor/highlight.js"></script> |
| </body> |
| </html> |